US Congress puts pressure on Microsoft over cybersecurity

  • The US Cyber Safety Review Board (CSRB) conducted a seven-month investigation into the incident.
  • The review recommended Microsoft create a plan for extensive security reforms across its products and practices.
  • Microsoft employs 34,000 engineers working full-time to address security shortcomings.

On Thursday, members of the US Congress pressed Microsoft to explain how a “cascade of avoidable errors” allowed a Chinese hacking group to breach the emails of senior US officials.

Microsoft President Brad Smith spent more than three hours answering questions from members of the House Committee on Homeland Security in Washington. He assured them that cybersecurity is becoming more deeply woven into the culture of the technology company.

“Microsoft accepts responsibility for every one of the issues cited” in a scathing US government report about the breach “without equivocation or hesitation,” Smith told the committee.

The US Department of Homeland Security-led Cyber Safety Review Board (CSRB) conducted a seven-month investigation into last year’s incident involving the China-affiliated cyberespionage actor Storm-0558.

“Microsoft has an enormous footprint in both government and critical infrastructure networks,” US congressman and committee member Bennie Thompson said to Smith as the hearing opened.

“We have a shared interest in addressing the security issues raised by the (report) quickly.”


The operation, initially discovered by the US State Department in June 2023, involved hacks on the official and personal mailboxes of Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.

Microsoft provides cloud computing services, such as Azure and Office 365, which host sensitive data and drive business and government operations across major sectors of the economy.

The report criticized a Microsoft corporate culture that was “at odds with… the level of trust customers place in the company.”

The review identified a series of operational and strategic decisions made by Microsoft that opened the door to the breach, including the company’s failure to identify a compromised laptop of a new employee following a corporate acquisition in 2021.

It also found that Microsoft did not meet safety standards observed at competing cloud companies, such as Google, Amazon, and Oracle.

“The Board finds that this intrusion was preventable and should never have occurred,” the review said, pinpointing “the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed.”


The report also recommended that Microsoft create and publicly release a plan with timelines for implementing extensive security reforms across its products and practices.

“The real challenge is how you achieve effective lasting cultural change,” Smith said, noting Microsoft has nearly 226,000 employees.

Smith stated that Microsoft employs the equivalent of 34,000 engineers working full-time to address the security shortcomings, marking it as the largest engineering project focused on cybersecurity in the history of digital technology.

According to Smith, Microsoft’s board approved a change on Wednesday to tie cybersecurity accomplishments to annual bonuses for senior executives and to integrate them into every employee’s annual review. Smith informed the committee that Microsoft detects approximately 300 million cyberattacks on its customers daily, with the majority originating from China, Iran, Korea, Russia, or ransomware operations.

“We’re dealing with four formidable foes in China, Russia, North Korea, and Iran, and they are getting better,” Smith said.

“We should expect them to work together; they’re waging attacks at an extraordinary rate.”


Smith added that adversaries will inevitably use artificial intelligence for increasingly sophisticated attacks, but he also noted that the technology is already being employed to bolster cyber defenses.
